system/flex: CVE-2019-6293: recursive call stack exhaustion
Bugzilla ID | 147 |
Alias(es) | CVE-2019-6293 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-07-31 07:09:24 -0500 |
Modified | 2020-06-22 06:08:30 -0500 |
Status | CONFIRMED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / minor |
Package(s) | system/flex |
URL | https://nvd.nist.gov/vuln/detail/CVE-2019-6293 |
Description
An issue was discovered in the function mark_beginning_as_normal in
nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the
mark_beginning_as_normal function making recursive calls to itself in
certain scenarios involving lots of '*' characters. Remote attackers
could leverage this vulnerability to cause a denial-of-service.